Industry: Secondary Education
The New York State Senate recently passed The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, leaving only the Governor’s signature as the final step to the SHIELD Act becoming the country’s newest—and one of the most stringent—breach notification laws. Given Governor Cuomo’s previous support for robust cybersecurity protection, New York may soon join a growing number of states beefing up their notification statutes.
On January 18, 2018, the New York State Education Department (“NYSED”) announced that one of its vendors, Questar Assessment, experienced a data breach resulting in the unauthorized disclosure of personal information from students in five different New York schools. While the data breach reportedly affected only a small number of students that had registered for online testing in spring 2017, it nonetheless exposed sensitive personally identifiable information from those students. And despite its narrow scope, this breach potentially threatens public (and parent) confidence in the security of sensitive student information at a time when New York schools are moving more and more of their activities online.